云产品 | 服务角色名称 | 权限作用范围 | RBAC权限策略 |
应用实时监控服务ARMS | arms-aliyunserviceroleforarms-clusterrolebinding | cluster | arms-aliyunserviceroleforarms-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: arms-aliyunserviceroleforarms-clusterrole
rules:
- apiGroups: ["vector.oam.dev"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["o11y.aliyun.dev"]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["pods","replicationcontrollers","podtemplates", "nodes", "services","events","persistentvolumes","persistentvolumeclaims","componentstatuses","bindings", "namespaces","endpoints", "configmaps", "secrets", "resourcequotas", "serviceaccounts","pods/log","services/proxy"]
verbs: ["*"]
- apiGroups: [""]
resources: ["nodes/metrics"]
verbs: ["get"]
- apiGroups: [""]
resources: ["limitranges"]
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]
verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["list", "watch"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["list", "watch"]
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses","volumeattachments"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps","extensions"]
resources: ["deployments", "daemonsets", "statefulsets","replicasets","networkpolicies"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["*"]
- apiGroups: ["monitoring.coreos.com"]
resources: ["alertmanagers","podmonitors","prometheuses","prometheuses/finalizers","alertmanagers/finalizers","servicemonitors","prometheusrules","probes"]
verbs: ["*"]
- apiGroups: ["monitor.aliyun.com"]
resources: ["alicloudpromrules","alicloudpromrules/status"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings","roles","clusterroles","clusterrolebindings"]
verbs: ["*"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies","ingresses","ingressclasses"]
verbs: ["*"]
- apiGroups: ["apps.kruise.io"]
resources: ["statefulsets"]
verbs: ["*"]
- apiGroups: ["nsm.alibabacloud.com"]
resources: ["networkservices"]
verbs: ["*"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: ["log.alibabacloud.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["telemetry.alibabacloud.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
|
开源大数据开发平台E-MapReduce | emr-aliyunemronackdefaultrole-clusterrolebinding | cluster | emr-aliyunemronackdefaultrole-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: emr-aliyunemronackdefaultrole-clusterrole
rules:
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "endpoints", "configmaps", "secrets", "resourcequotas", "serviceaccounts","persistentvolumes","persistentvolumeclaims"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["deployments", "daemonsets", "statefulsets"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["*"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]
verbs: ["*"]
- apiGroups: ["sparkoperator.k8s.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["flink.apache.org"]
resources: ["*"]
verbs: ["*"]
|
阿里云云安全中心 | sas-aliyunserviceroleforsas-clusterrolebinding | cluster | sas-aliyunserviceroleforsas-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sas-aliyunserviceroleforsas-clusterrole
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["create"]
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["policygovernance-yundun-config"]
verbs: ["get", "update", "patch"]
- apiGroups: [""]
resources: ["services","pods"]
verbs: ["list"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["list"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["list"]
|
云数据库Tair | tair-aliyunserviceroleforkvstore-clusterrolebinding | cluster | tair-aliyunserviceroleforkvstore-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: tair-aliyunserviceroleforkvstore-clusterrole
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- get
- list
|
tair-aliyunserviceroleforkvstore-clusterrolebinding | ack-tair namespace | tair-aliyunserviceroleforkvstore-role apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: tair-aliyunserviceroleforkvstore-role
namespace: ack-tair
rules:
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- list
- create
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- get
- list
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- pods/exec
- pods/portforward
- pods/proxy
verbs:
- create
- get
- apiGroups:
- ""
resources:
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- services/proxy
verbs:
- create
- get
- apiGroups:
- tair.alibabacloud.com
resources:
- tairclusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- tair.alibabacloud.com
resources:
- tairclusters/finalizers
verbs:
- update
- apiGroups:
- tair.alibabacloud.com
resources:
- tairclusters/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- delete
- get
- list
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- get
- apiGroups:
- scheduling.sigs.k8s.io
resources:
- reserveresourcesets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
|
企业级分布式应用服务EDAS | edas-aliyunedasdefaultrole-clusterrolebinding | cluster | edas-aliyunedasdefaultrole-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: edas-aliyunedasdefaultrole-clusterrole
rules:
- apiGroups: [ "" ]
resources: [ "nodes", "nodes/stats" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods", "pods/exec", "pods/log", "pods/status", "limitranges", "services", "services/proxy", "namespaces", "endpoints", "configmaps", "secrets", "bindings", "resourcequotas", "serviceaccounts", "componentstatuses", "events", "persistentvolumeclaims", "persistentvolumes", "replicationcontrollers","podtemplates" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "apps" ]
resources: [ "deployments","daemonsets","statefulsets","replicasets","deployments/scale","statefulsets/scale","statefulsets/status","deployments/status","controllerrevisions" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: ["batch"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apiregistration.k8s.io"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [ "events.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["edas.aliyun.oam.com"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["autoscaling"]
resources: ["*"]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: ["oam-domain.alibabacloud.com" ]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["core.oam.dev"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["flagger.app"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [ "keda.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "log.alibabacloud.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "clm.cloudnativeapp.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "monitoring.coreos.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "extension.oam.dev" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "authentication.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: ["discovery.k8s.io"]
resources: ["*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [ "networking.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "scheduling.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "scheduling.sigs.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "snapshot.storage.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "storage.alibabacloud.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "certificates.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "flowcontrol.apiserver.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "policy" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "authorization.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "external.metrics.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- nonResourceURLs: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "keda.sh" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "alibabacloud.com" ]
resources: [ "albconfigs" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "autoscaling.alibabacloud.com" ]
resources: [ "advancedhorizontalpodautoscalers" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
- apiGroups: [ "metrics.alibabacloud.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "metrics.k8s.io" ]
resources: [ "pods","nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "apps.kruise.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "edas.alibabacloud.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "istio.aliyun.cloud.com" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "nacos.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
|
云数据库RDS | aliyunmybasecpaasdefaultrole-clusterrolebinding | cluster | rds-aliyunmybasecpaasdefaultrole-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rds-aliyunmybasecpaasdefaultrole-clusterrole
rules:
- apiGroups:
- ''
resources:
- nodes
- namespaces
- resourcequotas
- limitranges
- nodes/metrics
- replicationcontrollers
- nodes/proxy
verbs:
- list
- get
- watch
- apiGroups:
- ''
resources:
- services
- configmaps
- secrets
- pods
- pods/log
- pods/exec
- endpoints
- persistentvolumes
- persistentvolumeclaims
- events
verbs:
- '*'
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- list
- get
- watch
- create
- apiGroups:
- ''
resourceNames:
- mybase-operator
- polardbx-operator
- pre-install-kibana-kibana
- filebeat-filebeat
- post-delete-kibana-kibana
resources:
- serviceaccounts
verbs:
- '*'
- apiGroups:
- '*'
resources:
- namespaces
verbs:
- patch
- list
- create
- watch
- get
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- statefulsets
- controllerrevisions
- replicasets
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- filebeat-filebeat
- logstash-logstash
- kibana-kibana
- elasticsearch-master
resources:
- deployments
- daemonsets
- statefulsets
- replicasets
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- '*'
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- list
- get
- watch
- apiGroups:
- extensions
resources:
- deployments
- daemonsets
- statefulsets
- controllerrevisions
- replicasets
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- get
- watch
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- list
- get
- watch
- create
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- mybase-operator
- polardbx-operator
- polardbx-controller-manager
- mybase-monitoring
- filebeat-filebeat-role
- filebeat-filebeat-role-binding
- filebeat-filebeat-cluster-role
- filebeat-filebeat-cluster-role-binding
- pre-install-kibana-kibana
- post-delete-kibana-kibana
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- list
- get
- watch
- create
- apiGroups:
- apiextensions.k8s.io
resourceNames:
- mybaseappinstancebackuppolicies.apps.k8s.mybase.aliyun.com
- mybaseappdefinitions.apps.k8s.mybase.aliyun.com
- mybaseappinstanceops.apps.k8s.mybase.aliyun.com
- mybaseappinstances.apps.k8s.mybase.aliyun.com
- polardbxbackupbinlogs.polardbx.aliyun.com
- polardbxbackups.polardbx.aliyun.com
- polardbxbackupschedules.polardbx.aliyun.com
- polardbxclusterknobs.polardbx.aliyun.com
- polardbxclusters.polardbx.aliyun.com
- polardbxlogcollectors.polardbx.aliyun.com
- polardbxmonitors.polardbx.aliyun.com
- polardbxparameters.polardbx.aliyun.com
- polardbxparametertemplates.polardbx.aliyun.com
- systemtasks.polardbx.aliyun.com
- xstorebackups.polardbx.aliyun.com
- xstorefollowers.polardbx.aliyun.com
- xstores.polardbx.aliyun.com
resources:
- customresourcedefinitions
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apps.k8s.mybase.aliyun.com
resources:
- '*'
verbs:
- '*'
- apiGroups:
- polardbx.aliyun.com
resources:
- '*'
verbs:
- '*'
- apiGroups:
- v1.admission.polardbx.aliyun.com
resources:
- '*'
verbs:
- '*'
- apiGroups:
- apiregistration.k8s.io
resources:
- apiservices
verbs:
- list
- get
- watch
- create
- apiGroups:
- apiregistration.k8s.io
resourceNames:
- v1.admission.polardbx.aliyun.com
resources:
- apiservices
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- list
- get
- watch
- create
- apiGroups:
- admissionregistration.k8s.io
resourceNames:
- polardbxcluster-mutate.polardbx.aliyun.com
- polardbxcluster-validate.polardbx.aliyun.com
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- '*'
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- list
- get
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- update
- delete
- patch
- create
- list
- get
- watch
- nonResourceURLs:
- /metrics
verbs:
- get
|
云监控 | aliyunserviceroleforcloudmonitor-clusterrolebinding | cluster | cloudmonitor-aliyunserviceroleforcloudmonitor-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloudmonitor-aliyunserviceroleforcloudmonitor-clusterrole
rules:
- apiGroups: ["vector.oam.dev"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["o11y.aliyun.dev"]
resources: ["*"]
verbs: ["*"]
- apiGroups: [""]
resources: ["pods","replicationcontrollers","podtemplates", "nodes", "services","events","persistentvolumes","persistentvolumeclaims","componentstatuses","bindings", "namespaces","endpoints", "configmaps", "secrets", "resourcequotas", "serviceaccounts","pods/log","services/proxy"]
verbs: ["*"]
- apiGroups: [""]
resources: ["nodes/metrics"]
verbs: ["get"]
- apiGroups: [""]
resources: ["limitranges"]
verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["get", "list", "watch"]
- apiGroups: ["extensions"]
resources: ["ingresses"]
verbs: ["list", "watch"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]
verbs: ["list", "watch"]
- apiGroups: ["autoscaling"]
resources: ["horizontalpodautoscalers"]
verbs: ["list", "watch"]
- apiGroups: ["policy"]
resources: ["poddisruptionbudgets"]
verbs: ["list", "watch"]
- apiGroups: ["certificates.k8s.io"]
resources: ["certificatesigningrequests"]
verbs: ["list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses","volumeattachments"]
verbs: ["get", "list", "watch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps","extensions"]
resources: ["deployments", "daemonsets", "statefulsets","replicasets","networkpolicies"]
verbs: ["*"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["*"]
- apiGroups: ["monitoring.coreos.com"]
resources: ["alertmanagers","podmonitors","prometheuses","prometheuses/finalizers","alertmanagers/finalizers","servicemonitors","prometheusrules","probes"]
verbs: ["*"]
- apiGroups: ["monitor.aliyun.com"]
resources: ["alicloudpromrules","alicloudpromrules/status"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: ["rolebindings","roles","clusterroles","clusterrolebindings"]
verbs: ["*"]
- apiGroups: ["networking.k8s.io"]
resources: ["networkpolicies","ingresses","ingressclasses"]
verbs: ["*"]
- apiGroups: ["apps.kruise.io"]
resources: ["statefulsets"]
verbs: ["*"]
- apiGroups: ["nsm.alibabacloud.com"]
resources: ["networkservices"]
verbs: ["*"]
- nonResourceURLs:
- "/metrics"
verbs:
- get
- apiGroups: [""]
resources: ["serviceaccounts/token"]
verbs: ["create"]
- apiGroups: ["log.alibabacloud.com"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["telemetry.alibabacloud.com"]
resources: ["*"]
verbs: ["*"]
|
微服务引擎MSE | mse-aliyunserviceroleformse-clusterrolebinding | cluster | mse-aliyunserviceroleformse-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mse-aliyunserviceroleformse-clusterrole
rules:
# base
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "endpoints", "secrets", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
# ingress
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "ingressclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["*"]
# Use for Kubernetes Service APIs
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["*"]
# CRD
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
# istio
- apiGroups: ["networking.istio.io"]
verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
resources: [ "workloadentries" ]
- apiGroups: ["networking.istio.io"]
verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
resources: [ "workloadentries/status" ]
# demo
- apiGroups: [""]
resources: ["services", "namespaces"]
verbs: ["get", "list", "watch", "create"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create"]
|
mse-aliyunserviceroleformsediagnosis-clusterrolebinding | cluster | mse-aliyunserviceroleformsediagnosis-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mse-aliyunserviceroleformsediagnosis-clusterrole
rules:
# base
- apiGroups: [ "" ]
resources: [ "nodes", "nodes/stats" ]
verbs: [ "get", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods", "pods/exec", "pods/log", "pods/status", "services", "services/proxy", "namespaces", "endpoints", "configmaps", "componentstatuses", "events","podtemplates" ]
verbs: [ "get", "watch", "create"]
- apiGroups: [ "apps" ]
resources: [ "deployments","daemonsets","statefulsets","replicasets","statefulsets/status","deployments/status" ]
verbs: [ "get", "watch", "create"]
|
API网关 | apig-aliyunservicerolefornativeapigw-clusterrolebinding | cluster | apig-aliyunservicerolefornativeapigw-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: apig-aliyunservicerolefornativeapigw-clusterrole
rules:
# base
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "endpoints", "secrets", "configmaps"]
verbs: ["get", "watch", "list"]
- apiGroups: ["discovery.k8s.io"]
resources: ["endpointslices"]
verbs: ["get", "list", "watch"]
# ingress
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses", "ingressclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses/status"]
verbs: ["*"]
# Use for Kubernetes Service APIs
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"]
resources: ["*"]
verbs: ["*"]
# CRD
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch"]
# istio
- apiGroups: ["networking.istio.io"]
verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
resources: [ "workloadentries" ]
- apiGroups: ["networking.istio.io"]
verbs: [ "get", "watch", "list", "update", "patch", "create", "delete" ]
resources: [ "workloadentries/status" ]
# demo
- apiGroups: [""]
resources: ["services", "namespaces"]
verbs: ["get", "list", "watch", "create"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create"]
|
日志服务SLS | sls-aliyunserviceroleforslsaudit-clusterrolebinding | cluster | sls-aliyunserviceroleforslsaudit-role apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sls-aliyunserviceroleforslsaudit-role
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- get
- list
- watch
- apiGroups:
- "*"
resources:
- namespaces
- deployments
- serviceaccounts
- clusterroles
- clusterrolebindings
- daemonsets
- services
- aliyunlogconfigs
verbs:
- create
- patch
- delete
- nonResourceURLs:
- /metrics
verbs:
- get
|
检索分析服务Elasticsearch版 | elasticsearch-aliyunserviceroleforelasticsearchcollector-rolebinding | captain-system namespace | elasticsearch-aliyunserviceroleforelasticsearchcollector-role apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elasticsearch-aliyunserviceroleforelasticsearchcollector-role
namespace: captain-system
rules:
- apiGroups:
- ""
resources:
- pods/attach
- pods/exec
- pods/portforward
- pods/proxy
- secrets
- services/proxy
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- pods
- pods/attach
- pods/exec
- pods/portforward
- pods/proxy
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- replicationcontrollers
- replicationcontrollers/scale
- secrets
- serviceaccounts
- services
- services/proxy
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- ingresses
- networkpolicies
- replicasets
- replicasets/scale
- replicationcontrollers/scale
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- persistentvolumeclaims/status
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- services/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- bindings
- events
- limitranges
- namespaces/status
- pods/log
- pods/status
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
- daemonsets
- daemonsets/status
- deployments
- deployments/scale
- deployments/status
- replicasets
- replicasets/scale
- replicasets/status
- statefulsets
- statefulsets/scale
- statefulsets/status
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
- horizontalpodautoscalers/status
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- cronjobs/status
- jobs
- jobs/status
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- daemonsets/status
- deployments
- deployments/scale
- deployments/status
- ingresses
- ingresses/status
- networkpolicies
- replicasets
- replicasets/scale
- replicasets/status
- replicationcontrollers/scale
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
- poddisruptionbudgets/status
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingresses/status
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
- localsubjectaccessreviews
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- app.alauda.io
resources:
- helmrequests
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
|
elasticsearch-aliyunserviceroleforelasticsearchcollector-rolebinding | logging namespace | elasticsearch-aliyunserviceroleforelasticsearchcollector-role apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: elasticsearch-aliyunserviceroleforelasticsearchcollector-role
namespace: logging
rules:
- apiGroups:
- ""
resources:
- pods/attach
- pods/exec
- pods/portforward
- pods/proxy
- secrets
- services/proxy
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- impersonate
- apiGroups:
- ""
resources:
- pods
- pods/attach
- pods/exec
- pods/portforward
- pods/proxy
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- replicationcontrollers
- replicationcontrollers/scale
- secrets
- serviceaccounts
- services
- services/proxy
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- replicasets
- replicasets/scale
- statefulsets
- statefulsets/scale
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- batch
resources:
- cronjobs
- jobs
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- extensions
resources:
- daemonsets
- deployments
- deployments/rollback
- deployments/scale
- ingresses
- networkpolicies
- replicasets
- replicasets/scale
- replicationcontrollers/scale
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- networkpolicies
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- persistentvolumeclaims
- persistentvolumeclaims/status
- pods
- replicationcontrollers
- replicationcontrollers/scale
- serviceaccounts
- services
- services/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- bindings
- events
- limitranges
- namespaces/status
- pods/log
- pods/status
- replicationcontrollers/status
- resourcequotas
- resourcequotas/status
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- controllerrevisions
- daemonsets
- daemonsets/status
- deployments
- deployments/scale
- deployments/status
- replicasets
- replicasets/scale
- replicasets/status
- statefulsets
- statefulsets/scale
- statefulsets/status
verbs:
- get
- list
- watch
- apiGroups:
- autoscaling
resources:
- horizontalpodautoscalers
- horizontalpodautoscalers/status
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- cronjobs
- cronjobs/status
- jobs
- jobs/status
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- daemonsets
- daemonsets/status
- deployments
- deployments/scale
- deployments/status
- ingresses
- ingresses/status
- networkpolicies
- replicasets
- replicasets/scale
- replicasets/status
- replicationcontrollers/scale
verbs:
- get
- list
- watch
- apiGroups:
- policy
resources:
- poddisruptionbudgets
- poddisruptionbudgets/status
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingresses/status
- networkpolicies
verbs:
- get
- list
- watch
- apiGroups:
- authorization.k8s.io
resources:
- localsubjectaccessreviews
verbs:
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- app.alauda.io
resources:
- helmrequests
- releases
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- elasticsearch.kubernetes.aliyun.com
resources:
- logcollectors
- indexlifecyclebindings
- indexlifecyclepolicies
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- beat.kubernetes.aliyun.com
resources:
- beats
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
|
elasticsearch-aliyunserviceroleforelasticsearchcollector-clusterrolebinding | cluster | elasticsearch-aliyunserviceroleforelasticsearchcollector-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: elasticsearch-aliyunserviceroleforelasticsearchcollector-clusterrole
rules:
- apiGroups: [""]
resources: ["pods", "nodes", "services", "namespaces", "endpoints", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "patch", "update", "create"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["app.alauda.io"]
resources: ["helmrequests"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
人工智能平台PAI | pai-aliyunpaidlcdefaultrole-clusterrolebinding | cluster | pai-aliyunpaidlcdefaultrole-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pai-aliyunpaidlcdefaultrole-clusterrole
rules:
- apiGroups: [ "" ]
resources: [ "secrets", "secrets/status", "services", "namespaces", "endpoints", "serviceaccounts", "configmaps/status",
"persistentvolumes", "persistentvolumes/status", "events", "events/status", "persistentvolumeclaims", "pods", "pods/log", "replicationcontrollers", "bindings",
"limitranges", "pods/attach", "pods/exec", "pods/portforward", "pods/proxy", "services/proxy"]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "" ]
resources: [ "serviceaccounts" ]
verbs: [ "impersonate" ]
- apiGroups: [ "" ]
resources: [ "configmaps", "pods", "services", "secrets", "endpoints", "configmaps" ]
verbs: [ "*" ]
- apiGroups: [ "" ]
resources: [ "pods/status","pods/binding", "namespaces/status", "persistentvolumeclaims/status", "replicationcontrollers/scale",
"replicationcontrollers/status", "resourcequotas", "resourcequotas/status", "services/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "" ]
resources: [ "nodes", "nodes/status" ]
verbs: [ "create", "delete", "update", "get", "list", "watch", "patch", "deletecollection" ]
- apiGroups: [ "apps" ]
resources: [ "statefulsets", "daemonsets", "deployments", "controllerrevisions", "replicasets" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "apps" ]
resources: [ "statefulsets/status", "daemonsets/status", "deployments/scale", "deployments/status",
"replicasets/scale", "replicasets/status", "statefulsets/scale", "deployments/rollback" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "rbac.authorization.k8s.io" ]
resources: [ "clusterrolebindings", "clusterroles", "roles", "roles/status", "rolebindings", "rolebindings/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "authentication.k8s.io" ]
resources: [ "tokenreviews" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "authorization.k8s.io" ]
resources: [ "subjectaccessreviews" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "mutatingwebhookconfigurations", "validatingwebhookconfigurations" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "networking.k8s.io" ]
resources: [ "ingresses", "ingresses/status", "networkpolicies" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "apiextensions.k8s.io" ]
resources: [ "customresourcedefinitions" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "batch" ]
resources: [ "jobs", "cronjobs", "jobs/status", "cronjobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "batch/v1" ]
resources: [ "jobs" ]
verbs: [ "get", "create", "list", "watch", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "autoscaling" ]
resources: [ "horizontalpodautoscalers", "horizontalpodautoscalers/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases", "leases/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "*" ]
- apiGroups: [ "data.fluid.io" ]
resources: [ "datasets", "datasets/status", "jindoruntimes", "jindoruntimes/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "replicasets", "replicasets/status", "daemonsets", "daemonsets/status", "deployments",
"deployments/scale", "deployments/status", "deployments/rollback", "ingresses", "ingresses/status", "networkpolicies",
"replicasets/scale", "replicationcontrollers/scale" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "metrics.k8s.io" ]
resources: [ "nodes", "pods" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "kubeflow.org" ]
resources: [ "tfjobs", "pytorchjobs", "tfjobs/status", "pytorchjobs/status", "mpijobs", "mpijobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "xdl.kubedl.io" ]
resources: [ "xdljobs", "xdljobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "xgboostjob.kubeflow.org" ]
resources: [ "xgboostjobs", "xgboostjobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "events.k8s.io" ]
resources: [ "events" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "policy" ]
resources: [ "poddisruptionbudgets", "poddisruptionbudgets/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "apps.kruise.io" ]
resources: [ "statefulsets" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "scheduling.alibabacloud.com" ]
resources: [ "gpudevices", "allocgroups", "allocgroups/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "gputopology.kubedl.io" ]
resources: [ "gputopologies" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses", "csinodes", "volumeattachments" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "scheduling.k8s.io" ]
resources: [ "priorityclasses" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "scheduling.x-k8s.io" ]
resources: [ "queueunits", "queueunits/status", "queues" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "scheduling.sigs.k8s.io" ]
resources: [ "elasticquotatrees" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "certificates.k8s.io" ]
resources: [ "certificatesigningrequests", "certificatesigningrequests/approval", "signers" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection", "approve" ]
- apiGroups: [ "discovery.k8s.io" ]
resources: [ "endpointslices" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "monitoring.coreos.com" ]
resources: [ "servicemonitors" ]
verbs: [ "get", "create", "list", "watch", "update", "patch", "delete", "deletecollection"]
- apiGroups: [ "inference.kubedl.io" ]
resources: [ "elasticbatchjobs", "elasticbatchjobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "gateway.solo.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "argoproj.io" ]
resources: [ "clusterworkflowtemplates", "clusterworkflowtemplates/finalizers", "cronworkflows", "cronworkflows/finalizers",
"workflows", "workflows/finalizers", "workflowtemplates", "workflowtemplates/finalizers" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "paiflow.alibaba-inc.com" ]
resources: [ "clusterworkflowtemplates", "clusterworkflowtemplates/finalizers", "cronworkflows", "cronworkflows/finalizers",
"workflows", "workflows/finalizers", "workflowtemplates", "workflowtemplates/finalizers",
"workfloweventbindings", "workfloweventbindings/finalizers" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "dlc.alibaba.com" ]
resources: [ "datasources", "datasources/status", "dlcinstanceresourcepatches", "dlcinstanceresourcepatches/status",
"dlcinstances", "dlcinstances/status", "resourcegroups", "resourcegroups/status", "tensorboards", "tensorboards/status"]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "eas.alibaba-inc.k8s.io" ]
resources: [ "resourcemigrations", "resourcemigrations/status", "tenantresources", "tenantresources/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "paiflow.pai.alibaba-inc.com" ]
resources: [ "aiworkspaces" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "gloo.solo.io", "enterprise.gloo.solo.io", "graphql.gloo.solo.io" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "ratelimit.solo.io" ]
resources: [ "ratelimitconfigs","ratelimitconfigs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "dsw.alibaba.com" ]
resources: [ "dswinstances", "dswinstances/status", "idleinstancecullers", "idleinstancecullers/status",
"images", "images/status", "notebooks", "notebooks/status", "credentials", "credentials/status",
"nasvolumes", "nasvolumes/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: [ "training.pai.alibaba-inc.com" ]
resources: [ "trainingjobs", "trainingjobs/status" ]
verbs: [ "get", "list", "watch", "create", "update", "patch", "delete", "deletecollection" ]
- apiGroups: ["scheduling.sigs.k8s.io"]
resources: ["podgroups"]
verbs: ["get", "delete"]
|
云原生应用组装平台 | bizworks-aliyunserviceroleforbizworks-clusterrolebinding | cluster | 该角色权限为最高权限,可安装任意Helm Chart。 bizworks-aliyunserviceroleforbizworks-clusterrole apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: bizworks-aliyunserviceroleforbizworks-clusterrole
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'
- nonResourceURLs:
- '*'
verbs:
- '*'
|